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(54) TiUe: PREBOOT PROTECTION FOR A DATA SECURITY SYSTEM 
(57) Abstract 



A secure computer controlling access 
to data storage devices via a card reader. A 
microprocessor-controlled card reader inter- 
face logically connected to the card reader 
and the central processing unit (CPU) of the 
computer reads and writes information from 
and to a card placed in the card reader and 
performs additional functions in response to 
commands received from the CPU. The card 
reader interface includes an encryption en- 
gine for encrypting data in a data storage 
device and a boot ROM containing verifica- 
tion program code executed during an ini- 
tialization procedure. The verification pro- 
gram verifies that a valid user card has been 
placed in the card reader, reads one or more 
questions from the user card, asks the ques- 
tions of the user and verifies the answers 
against the contents of the card. If autho- 
rization is verified, the card reader interface 
permits the user to access the encrypted data. 
Otherwise, the user is denied access to the 
data by one or more of the following meth- 
ods: freezing the system bus, and requiring 
the user to reset the computer and re-enter 
the verification program; logically destroy- 
ing the data in the data storage devices; and 
physically destroying the data storage de- 
vices. 
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PREBCXJTPROfrecnON FOR A DATA SECURITY SYSTEM 

5 Technical Field of the Invention 

The present invention pertains generally to con^uter secunty 
systems, and more particularly to a nricroprocessor-controlled system for 
controlling user access to and dissemination of secure data stored in a secure 
computer. 

10 Background of the favention 

There has been an OTormous increase in the use of conputers 
for processing and storing sensitive information in a wide variety of 
commercial and government qjplications. Computer systems have evolved 
from large systems with restricted access to small systems wWch may be 

15 portable and easily accessed by several users. As conponents have become 
more easily accessible and as demand for easy computer access has spread, 
there has arisen a greater need for the protection of sensitive data 

One method for securing access to con^juter systems is to 
restrict the physical access to the campvler system, however, such restriction 

20 is ineflBcient for typical conputer system installations wiiich fevor shared 
access and increased portability. The cost of securing computer systems by 
restricting physical access is also prohibitive. 

Another method for providiiig security of sensitive data is to 
use a program to restrict access to the conqjuter system However, this 

25 method has drawbacks. For instance, an unauthorized user can often bypass 
the security program or routines vAnch invoke the security program to gain 
access to the conputer system Even if the security program proves to be 
difficult to bypass, the unauthorized user can sinply remove the information 
stored in the conputer by removing the mranory or monitoring the data bus. 

30 For exanqjle, a hard drive codd be removed from the conpiter and installed 
in another con:5>uter to read the contents of the hard drive. 

To prevent sudi unauthorized access and retrieval of sensitive 
information, sensitive data may be destroyed either logically or physically. 
Logical destmction requires that any data destroyed be unintelligible to 

35 another user after the destruction process has taken place. The storage media 
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will typically still be reusable. An exanple of a logical destruction program 
is a program vAnch oases the sensitive files on a hard drive when an 
unauthorized access is detected Physical data destruction, on the other hand, 
requires catastrophic destruction of the storage media to ensure that the 

5 contents in the storage media are irretrievably lost. 

In some qjplications the program destroying the logical data 
fails to conqjletely destroy the data and advanced data retrieval techniques 
may be employed to recover traces of logically destroyed informatioa For 
exarrqjle, information on a hard drive of a corrq^uter may be recovered by 

10 methods wWch detect previously written and erased binary words from trace 
magnetic remnants of the words. If the logical destruction methods are only 
partially effective, physical destmction techniques may also be required to 
ensure that the data is destroyed and cannot be recovered. 

It may be desirable to restrict access to particular peripheral 

15 devices on a conrq>uter or workstation, rather than restricting access to the 
entile conq)uter system Modem conputer security systems fail to provide 
such restricted access. 

Therefore, there is a need in the art for a conputer security 
system wWdi prohibits unauthorized access and vAuch is not vulnerable to 

20 bypass yet maintains the portability and flexibility inherent in a modem 
conq)uter system There is a fiirther need to provide conplete protection of 
sensitive data such that the data may not be recovered by bypassing the data 
protection system or by physical removal of data storage devices. Finally, the 
system must also provide complete destruction of sensitive data to prevent 

25 retrieval of data traces. 

Summary of the Invention 
To overcome these and other shortcomings and limitations in 
the art which will become parent to those skilled in the art upon reading 
and understanding the following detailed description, the present invention 
30 provides a systOTi for controlling access to sensitive information on a 

computer without comproraising the security of sensitive data. Tbe present 
invention restricts coir5)uter access to authorized users. In addition, it detects 
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attenpts to imitate an axithorized user to gain access. Further, the present 
invention provides for configurable logical and physical destruction of 
sensitive Hata and provides means for adjusting the threshold requirement for 
destmction and the level of destmction to suit the degree of security required 
5 for the information stored on the conputer. Finally, the present invention 
provides a means, under the control of a centralized authorization security 
administrator, for limiting access to portions of the overall con^DUter system 
depending on the access privileges configured for each individual user. 

In one embodiment of the present invention, a microprocessor- 

10 controlled card reader interface logically connected to the CPU of the 

conputer reads and writes information from and to an integrated circuit card 
("card" or "smart card") placed in the card reader. The information read is 
presented to the CPU to determine w^ietfiCT the user is authorized to use the 
conputer, the CPU then specifies wiiich peripherals the user is authorized to 

15 access. A card reader interface board logically connected to the data and 
address buses of a conputer monitors address bus of the conputer and 
restricts access to the data storage devices and configurable ports in the 
system and executes a special verification program to verify authorization of 
the user. 

20 According to one embodiment of the present invention, when a 

valid user card is placed in the card reader one or more questions are read 
fi:^om the card and displayed to the user. The user^s responses are conpared to 
the correct answers stored on the card and, if the responses match the correct 
answers, the CPU is allowed to access all peripharals the user has been 

25 authorized to use. Conputer security is inproved by coordinating 

identification information received fi-om the card, user, and conputer RAM to 
ensure proper verification. The system requires that tiie same card, user, and 
conputer be used to control access. 

In one embodiment of this invention, the system provides for a 

30 method of initializing and authorizing a user card with a security administrator 
card Upon a valid security adramistrator card being placed in the card 
reader, a security administrator initializes and authorizes one or more 
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individual user cards by selecting from a list of menu options displayed to the 
security administrator. Tlie security administrator inputs a list of questions 
and answers vAndti are then stored on the user card for use during die 
verification procedure. 

5 In one embodiment of the present invention, the system 

provides for a hierarchy of access privileges by encoding access codes direcdy 
on the card \^di allow users witfi supmor access privileges to access data 
on computers of users with inferior access privileges. The same coding 
system prevents the uscts with inferior access privileges from accessing the 

1 0 conputers of those with sqjerior access privileges. 

In one embodiment of the present invention, the system 
provides for tiie physical or logical destruction of data in response to 
unauthorized attenpts by a user to violate the physical or logical integrity of 
the con5)uter system. The physical and logical destruction of data may be 

15 disabled for maintenance or configuration purposes by use of a maintenance 
card 

The preceding and other features and advantages of flie 
invention will become finther parent from the detailed description that 
follows. This description is acconrpanied by a set of drawing figures. 
20 Numerals are enqjloyed throughout the written description and the drawings to 
point out the various features of this invention, like numerals referring to like 
features throughout. 

Brief Etescription of the Drawings 
In the drawings, where like numerals describe like conponents 
25 throu^out the several views: 

FIGURE 1 A is a perspective view of a first anbodiment of a 
secure conputer system inplemented according to the present invention; 

FIGURE IB is a block diagram showing the high-level 
architecture of a first embodimmt of a secure con^mter system inplemented 
30 according to the present invention; 
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FIGURE IC is an electrical block diagram showing the 
microprocessor-controlled card reader interface for a first raibodiment of a 
secure conqjuter system according to the present invention; 

FIGURE ID is a perspective view of a second embodiment of a 
5 secure conputer system in5)lOTiented according to die present invention; 

FIGURE IE is a perspective view of a third embodiment of a 
secure conputer systOTi inq^lemmted according to the present invention; 

FIGURE 2A is a block diagram of a conputer system with a 
hard drive and interface board; 
10 FIGURE 2B is a block diagram showing how a computer 

system with hard drive is modified to create a secure computer system 
according to a second embodiment of the present invention; 

FIGURE 3 is a block diagram showing the higji level 
architecture of a secure computer system according to a second embodiment 
15 of the present invention; 

FIGURE 4 is a block diagram showing the high level 
ardiitecture of one embodiment of the control ASIC shown in FIGURE 3; 

FIGURE 5 shows a block diagram illustrating the operation of 
one embodunent of the data steering network shown in FIGURE 3; 
20 FIGURE 6 is a block diagram showing the loader program and 

verification program resident in* the read only memory (ROM) of one 
embodiment of the card reada- interfece board of FIGURE 3; 

FIGURES 7A, 7B, 7C, and 7D are a flow diagram showing 
program steps taken to initialize and execute the security portion of a secure 
25 computer system program according to the present invention; 

FIGURE 8 is a block diagram showing a hierarchy of access 
for users of a secure coir^Duter system; and 

FIGURE 9A and FIGURE 9B illustrate a pictorial display of 
one embodiment of a mounting scheme used to co-locate a card reader and 
30 hard drive. 
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Detailed Specificarion of the Preferred Embodiments 
In the following detailed desoiption of the prefenned 
embodiments, reference is made to the acconpanying drawings \\4iich form a 
part hereof, and in vAnch is shown by way of illustration specific 
5 embodiments in vAnch the invention may be practiced It is to be understood 
that other embodimrats may be utilized and stractural changes m^ be made 
without departing firom the scope of the present inventioa 

FIGURE 1 A shows the con^xMients of a conputer system to be 
secured with a card reader interface according to a first embodiment of the 

10 present invention. This embodiment was shown in US, Patent No. 5,327,497, 
issued July 5, 1994, by Mooney, et. al. The conputer system includes a 
keyboard 101 by vMdi a user may input data into the system, a conputer 
chassis 103 vAnch holds electrical conqxments and peripherals, a screen 
display 105 by vAnch information is displayed to the user, and a pointing 

15 device 107, the system conponents logically connected to each other via the 
internal system bus of Ae conputer. A card reader 111 is connected to the 
secure conputer system via card reader into-face board 109. The preferred 
card reader 1 1 1 is an Anphenol® "Chipcard" acceptor device, part number 
702-10M008 5392 4794, which is compatible with International Standards 

20 Organization (ISO) specification 7816, althou^ one skilled in the art would 
readily recognize that other card reader devices vAndti conform to ISO 7816 
may be substituted 

In order for the conpiter system to be secured, a card reader 
interface is integrated into the computer system in a manner similar to that as 

25 revealed in FIGURE IB. A card reader inta:fece board 109 contains a 

microprocessor 116 connected to the CPU of the conputer via a second data 
bus 117, cormected to RAM 127 via a third data bus 131, and connected to 
the card reader 111 via a fourth data bus 133. The interface board 109 is 
typically in:plemented with printed circuit board tedmology, althou^ other 

30 equivalmt tedmologies may be substituted without loss of generality. 

Peripherals 121 within cornputer 103 are controlled by the CPU 123 and PLD 
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129 with a power cx)ntrol circuit 1 19, which turns power off and on to 
periphCTals 121. A system boot ROM 126 logically connected to the CPU 
123 to start executing a non-volatile program contained in PLD 129 upon 
initialization of the corrpiter during power-iq), clear, or warm-boot reset. 

5 An IC card 1 15 is used in conjunction with card reader 111. 

The preferred card 1 15 is a MICRO CARD® or GEMPLUS® card (for 
example, Scot 100, TBIOO, or COS IC cards), which is con^jatible with ISO 
7816. By conforming to this standard, the card 115 enables the si^jport of 
Data Encryption Standard (DBS) data encryption and decryption functions. 

10 One skilled in the art would readily recognize that other cards v^ch conform 
to this standard and provide data encryption and decryption functions may be 
substituted The ability to encrypt and decrypt data is inportant, since the 
present invrntion is designed to ensure that unencrypted sensitive data does 
not reside in the CPU v^ere it could be read by an unauthorized user. 

15 The schematic for card reader interface 109 is described in 

greater detail in FIGURE IC. Microprocessor 1 16 is powered by circuit 135, 
and controls system functions via connections to the system data bus 125. 
System resets are initiated by clear line 137. Validation and authorization 
information is transferred between the miCTOprocessor 1 16 and RAM 127 via 

20 the third data bus 131 in conjunction with address or data select line 141, 

strobe line 143, and chip select line 145. Backup power is provided for RAM 
127 by a +5 volt litfiium battery 139. 

The microprocessor 1 16 communicates with systrai data bus 
125 as a SCTial communications device using CTS line 147, DTR line 149, 10 

25 MHz clock line 151, serial data out line 153, and SOTal data in line 155. A 
separate 3.5 MHz clock line 157 is used to provide a clock signal to PLD 
129, which is used by the microprocessor 1 16 for card reset control via line 
159, card serial data control via line 161, and card interrupt control via line 
163. The PLD 129 in turn connects to the card via card serial data contact 

30 177, card clock contact 179, and card reset contact 181. 

Mcroprocessor 1 16 also has the ability to control the physical 
destmction of data within the con5)Uter systrai via line 165. A physical 
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destruction device may be triggered using line 165 as a destruct signal. For 
exanple, line 165 may be connected to a mechanism containing a chemical 
solution vsdiich is sprayed onto a hard disk contained in the secure computer 
system when an unauthorized user attempts to violate the physical or logical 
5 integrity of the conq)uter system Sev^al destract mechanisms are taught in 
the prior art, and one of ordinary skill in the art would recognize that other 
equivalent destruction chemicals and mechanisms may be substituted without 

loss of generality. 

The microprocessor 1 16 uses power control line 173 with 

10 switch 171 and +5 volt relay 175 to provide power to the card via card logic 
voltage sipply contact 183 and card programming contact 187. The card is 
grounded via card ground contact 185, and drtected by applying power 
through card detect power contact 191 to microprocessor 1 16 by card detect 
contact 189. Card contacts 193 and 195 and line 197 are reserved for fliture 

15 use. 

FIGURE ID shows the components of a second embodimait of 
a secure conpxiter system according to the present invention Secure 
conputer system 100 includes a keyboard 101 by vMch a user may input data 
into the system, a conputer chassis 103 wttch holds electrical con5X)nents 

20 and periph^als, a screen display 105 by vvtrich infonmation is displayed to the 
user, a secure hard drive 1 13, and a pointing device 107, the system 
con5X)nents logically connected to each other via the internal system bus of 
the conputo:. A card reader 1 1 1 is connected to the secure conputer system 
via card reader interface board 109. As in the first OTibodiment, the preferred 

25 card reader 1 1 1 is an Anphenol® "Chipcard" acceptor device, part number 
702-10M008 5392 4794, wiiich is conpatible with faitemational Standards 
Organization (ISO) 7816 specifications. One skilled in the art would readily 
recognize, however, that other card reader devices which conform to ISO 
7816 may be substituted FIGURE ID shows card reader 111 and secure hard 

30 drive 1 13 co-located in a single peripheral bay. Other mounting techniques 
are available, however, which would not modify the scope of the present 
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invOTtion, for exanple, positioning card reader 1 1 1 externally as shown in 
FIGURE IE 

FIGURES 2A and 2B illustrate the modifications required of a 
standard personal con^^uter system 705 in order to create a secure conputer 

5 system 100 according to the present inventioa FIGURE 2 A is a sinplified 
block diagram of a conputer system 705 commonly found in the prior art 
Central processing unit (CPU) 290 is connected to dedicated hard drive 
controller logic 710 vAnch serves as an interface for the conputer system to 
hard drive 1 13. Typically, hard drive controller logic 710 is a printed circuit 

10 board vAnch is installed in the backplane or integrated into the motherboard of 
computer 100, and hard drive controller logic 710 is connected to hard drive 
1 13 using a multiconduaor cable 720. Hard drive 113 may be mounted 
externally to conputer 705, or internally. 

FIGURE 2B shows how the standard personal conputer 705 is 

15 converted to a secure conputer system according to one embodinfient of the 
present inventioa In FIGURE 2B, secure conputer system 100 is formed by 
adding integrated circuit (IC) card 1 15 and attaching card reader 1 1 1, cable 
730, and card reader interface board 109 to system 705. Card reader 1 1 1 may 
be added to the system by removing cable 720 fi*om hard drive 1 13 and 

20 connecting it to card reader mterface board 109, then connecting card reader 
1 1 1 to card reader interface board 109 via cable 731. Hard drive 1 13 is 
connected to card reader interface board 109 using cable 730. 

Card reader 1 1 1 acts in concert widi card reader interface board 
109 to limit access to sensitive data stored both on hard drive 1 13 and card 

25 reader interfece board 109, Integrated circuit card 115 is preprogrammed with 
information used to verify that the user is authorized to access the smsitive 
data stored on hard drive 1 13. Security for sensitive data stored on hard drive 
1 13 is provided by requiring a minimum of three distinct sources of 
authorization verification information in order to access the sensitive data In 

30 order to gain access to the sensitive information stored on hard drive 1 13, 
both card 115 and card reader interface board 109 must presmt proper 
identification information and the user must enter a series of predeteraiined 
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answers to a series of predetermmed questions. If any of the sources of 
identification information is incorrect, board 109 may prevent access to the 
secure cc^uter syston 100 by fi^eezing the system bus 292 (requiring cycling 
of the system power to reset secure con?)Uter system 100), logically 

5 destroying any sensitive data on the system, or physically destroying the 
storage devices containing sensitive informatioa 

The details of one embodiment of the present invention will be 
specified in greater detail using the following figures. FIGURE 3 is a detailed 
electrical block diagram of the secure conqjuter system 100 of FIGURE 2B, 

10 showing connections between card reader interface board 109, card reader 
111, secure hard drive 113, and central processing unit (CPU) 290. In the 
present invention, independent, dedicated data buses are en5)loyed such that 
card reader interface board 109 communicates with card reader 11 1 via card 
reader bus 225, hard drive 1 13 via hard drive bus 272, and CPU 290 via hard 

15 drive controller Ic^c 710 and system bus 292. (hard drive bus 272 is 

analogous to cable 730 of FIGURE 2B and system bus 292 is analogous to 
cable 731 of FIGURE 2B.) The utilization of independent dedicated data 
buses for communications with card reader 111, hard drive 1 13, and CPU 290 
decreases the chances for retrieval of sensitive data and encryption 

20 information, since system bus 292 transfers only unencrypted data to the 
conr^juter system fi^om card reader interface board 109. An unauthorized 
intruder would have to monitor all three buses to attenq^t to decipher the 
encryption codes used and the method by vMch the security system interacts 
with the computer system 

25 FIGURE 3 also shows the interconnections of the conponents 

on card reader interface board 109. bi one embodiment, the card reader 
interface board 109 contains a ZUog Z86C61 16 processor 220 for controlling 
data transfer between card reader 111, hard drive 1 13, and CPU 290. The 
Z86C61 16 is an 8-bit data bus, 16-bit time-multiplexed address bus 

30 microprocessor specified in the Zilog Z8 Ivficrocontrollers Book, DC8305-01 
(1993), wiiich is incorporated herein by reference. Other microprocessors may 
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be readily substituted without materially affecting the scxjpe of the present 
invention. 

Processor 220 controls the transfer of data on card reader 
interface board 109 by issuing commands to control ASIC 230. Control ASIC 
5 230 acts as "glue logic," under control of processor 220, coordinating the 
operation of data steering networic 240, dphar engine 270, and processor 220 
to control information transfer between CPU 290, RAM 260, and hard drive 
113. 

Data steering network 240 is an 8-bit controllable mp\A and 
10 output port circuit designed to allow processor 220 to communicate with 
RAM 260 and cipher engine (CE) 270, but to prevent unauthorized access by 
a user controlling system bus 292 to retrieve data from RAM 260. FIGURE 5 
is a block diagram showing the operation of the data steering networic 240. 
Data steering network 240 essentially operates as an ei^t bit wide 
15 bidirectional parallel multiplexer v^ch limits data transfer from processor 220 
to RAM 260, or altanalively to GE 270 (and, therefore, potentially to system 
bus 292 if port A 274 and port C 278 of CE 270 is connected). Attenpts to 
read information from the address space assigned to RAM 260 which 
originate from the system bus 292 are inqx)ssible, since RAM 260 is logically 
20 isolated such that no address space exists from system bus 292 to access 
RAM 260. 

Returning to FIGURE 3, in one embodiment cipher engine (CE) 
270 is an 8-bit NSA certified DES Kicryption engine meeting specification 
DES 3. Such a device is manufactured by Conputer Hektronik as part 
25 number CE99C003. Further information detailing flie operation of that 
embodhnent of CE 270 may be found in CE Infosys 99C003 Data Sheet 
Version 1.01. 

CE 270 is controlled by processor 220 via data steering 
network 240 by commands received at port C 278. CE 270 m^ be instructed 
30 by processor 220 to provide a data path between port C 278 and port A 274 
(no encryption) or between port A 274 and port B 276 (DES encrypted data 
output from port B 276, and rwnmcrypted data from port A 274). During 
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system initialization a data path between data steering network 240 and 
system bus 292 is created using port C 278 and port A 274 wii^eby 
nonencrypted data can be transferred under control of processor 220 to system 
bus 292 via hard drive controller logic 710. Once user authorization is 

5 verified and there are no pending security violations detected, CE 270 uses a 
to DES raoypt data transmitted by port B 276 to hard drive 113. 
Similarly, CE 270 deciphers aicrypted data from hard drive 1 13 and presents 
it to system bus 292 via hard drive controller logic 710 \\4ien port A 274 to 
port B 276 channel is allowed One skilled in the art would readily recognize 

10 that other cipher engines wiiich conform to the above-mentioned standards and 
siqjport data encryption may be substituted without materially modifying the 
spirit and scope of the present inventioa 

RAM 260 is subdivided into secure and open segments by 
memory m^>ping the secure segmmts such that they are accessible only to 

15 processor 220. This prevents both accidental and intentional loss of secure 
information from the RAM 260 to the system bus 292. RAM 260 is 
addressable only by processor 220 and contains DES base kernel key 
encryption information and answers to verification questions retrieved from 
card 1 15 by processor 220. The open portion of RAM 260 contains the 

20 verification questions retrieved from card 1 15 and other nonsaisitive data. 

As can be seen in FIGURE 6, ROM 280 contains loader 
program code 610 and verification program code 620 used by the CPU 290 
vpon initialization to load and execute the vmfication program. Since 
standard BIOS routines attenpt to boot fix)m the C: drive the use of ROM 280 

25 in concert widi processor 220 and control ASIC 230 to simulate a C: drive 
allows the present invention to be used in the standard IBM compatible 
personal ccfmputcr without having to modify the system BIOS (basic 
iiqnit/output systan). 

Card 115 is used with card reader 1 1 1 under control of 

30 processor 220 to provide the compitCT system 100 with information 
concerning DES key encryption, verification questions and answers, user 
access privilege level, e?qjiration date, origin of card issuance, and card usage 
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history. As in the first embodiment, the preferred card 1 15 is a MICRO 
CARD® or GEMPLUS® card (for example, Scot 100, TBIOO, or COS IC 
cards), wWch is conpatible with ISO 7816. One skilled in the art would 
readily recognize that other IC cards vAnch confonm to this standard and 

5 provide data encryption and decryption functions may be substituted without 
materially modifying the spirit and scope of the present inventioa 
T .OGTCAL & PHYSICAL DESTTIUCT HARDWARE 

Control ASIC 230 also monitors atterrq)ted unauthori2ied 
retrieval of data firom the protected storage devices and presents information 

10 to processor 220 if control ASIC 230 detects an attainted unauthorized 
access. Processor 220 monitors signals firom the control ASIC 230 and 
commands control ASIC 230 to issue a command to eitfier logically or 
physically destroy protected information in RAM 260 or secure hard drive 
113. Logical destruction of data on the RAM 260 is acconplished by 

15 asserting trigger signal 21 1 emanating fi"Qm processor 220, clearing die 

contents of RAM 260. Logical destruction of the sensitive data on hard drive 
113 follows naturally, since the DES encryption key synthesis information is 
destroyed vAen the RAM 260 data is destroyed, and, without the DES key, 
the information on hard drive 1 13 is logically irretrievable. Physical 

20 destruction of data can also be acconplished by asserting physical destruct 
signal 212 emanating fi'om processor 220, as a means of triggering a physical 
destmct package 213. As in the first onbodiment, several physical destruct 
packages are disclosed in the prior art, such as a ferric chloride spray or 
plastic explosive package. 

25 Card reader interface board 109 also contains an extra defense 

against physical tan5)ering. In one embodiment, a transistor circuit 210 is 
used to rapidly erase the contents of dynamic RAM 260. In such an 
embodiment, circuit 210 grounds the power pin of RAM 260 to erase the 
contents of RAM 260. In normal operation, trigger signal 21 1 is not asserted, 

30 thereby allowing the collector of transistor circuit 210 to remain at a voltage 
of ^^proximately Vcc. In this mode of operation RAM 260 is powered by the 
si9Jply voltage Vcc whoreby current travels through diode 261 and fuse 263 to 
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RAM 260. If power is interrupted the battery 200 provides current to RAM 
260 through diode 262 and fuse 263. 

When the trigger signal 21 1 is asserted (by processor 220) the 
collector of npn transistor 210 is forced to a low voltage and current flowing 

5 through diode 261 is sufficient to bum the fuse 263, thereby allowing the Vcc 
terminal of RAM 260 to drop to zero volts and erasing the logical contents of 
RAM 260. Alternatively, if the battery 200 is supplying RAM 260 with 
current, the trigger signal 21 1 will cause sufficient current to flow throu^ 
fiise 263 to bum fuse 263, and again, the voltage at the Vcc terminal of RAM 

10 260 will drop to zero volts and erase the logical contents of RAM 260. 
Processor 220 can initiate the logical destruct feature if control ASIC 230 
alerts processor 220 that an unaufliorized access is being attenpted 

The logical and physical destruct mechanisms described provide 
several different levels of data security. In one embodiment of the present 

15 invention there are five selectible security levels: 

1) Freeze the conputer system bus, requiring a "cold boot," 
(power off and Aen on or "r^et"); 

2) Alter the contents of the integrated circuit card so that 
the card must be iqxlated to be authorized for another session; 

20 3) Qear RAM 260 of the stored kernel for the encryption 

key; 

4) Logical destruction of RAM 260 memory, requiring 
reinitialization of RAM 260 before another session rmy be performed on the 
conrpata: system; and 

25 5) Physical destruction of conputer system memory. 

Other security levels are possible and those skilled in the art will recognize 
that combinations of these levels of security are possible without departing 
from the scope and spirit of the present invention. 
INTERFACE BOARD CONTROL & COMMUNICATIONS 

30 Activities on the card reader int^lace board 109 are 

coordinated in part by code '"burned into" an internal ROM in processor 220 
and in part by execution of an authoriTation verification program as detailed 
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below. This allows processor 220 to respond to commands issued by CPU 
290 during the airthorization verification program execution, yet maintain 
security of sensitive data on card reader interface board 109 by acting as a 
dedicated controller of sensitive DES encryption data and authorization data 
5 Processor 220 communicates with control ASIC 230 to control data steering 
network 240 and ROM 280, and controls CE 270 using commands issued on 
bus 222 to CE 270 via data steering network 240. Processor 220 is solely 
responsible for communications with card reader 111, wttch enhances the 
overall security of the present invention since sensitive data is not placed on 

10 the system bus 292 where it is vulnerable to retrieval. 

Control ASIC 230 is connected to ROM 280 and data steering 
network 240 using bus 223 and is also connected to the monitor and fi-eeze 
control lines of CPU 290 which allows control ASIC 230 to "fi-eeze" system 
bus 292 upon demand by fi-eezing the system bus 292 if a prohibited access is 

15 detected over the monitor lines. Control ASIC 230 sends a signal to 

processor 220's INT intemqDt 221 wiien it freezes system bus 292 to inform 
processor 220 that the bus was fi^ozen, since processor 220 is not connected to 
system bus 292. 

Control ASIC 230 contains a counter (not shown) vAnch counts 

20 the number of "sectors" retrieved firom ROM 280 during boot and loading 
fimctions (described below) to simulate a hard drive interface to CPU 290. 
Processor 220 is notified by control ASIC 230 when the last byte of program 
inforafialion is read firom ROM 280 by CPU 290. Cipher Engine 270 routing 
is controlled by signals fix)m processor 220 to control ASIC 230, and m^ be 

25 programmed to connect port A 274 to port C 278 to aUow processor 220 to 
communicate with system bus 292 (and CPU 290), or connect port A 274 to 
port B 276 to allow CPU 290 to communicate with hard drive 1 13 once 
security conditions have been satisfied, as detailed below. 

FIGURE 4 is a block diagram of tfie fimdamental componaits 

30 of control ASIC 230. Control ASIC 230 includes a control register 950 with 
bits assigned for the control of data steering network 240 and ROM 280 via 
control port (CP) 910. These hits control whether bus 222 is connected to 
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RAM 260 or CE 270 via data steering network 240, Similarly, the cxmtrol 
bits assigned to the control of ROM 280 assist in the simulation of a C: drive 
during the BIOS initialization vAnch is detailed below. Control register 950 is 
programmed by instructions from processor 220, and the status of the control 
5 bits may be determined by reads from processor 220 of status register 960 via 
processor port 980. INT port 900 is also connected to the control and status 
registers, and indicates when the system bus 292 is "frozen" when a security 
violation is detected as described above. 

In one embodiment of the present invention, processor 220 

10 programs registers (not shown) in bus address monitor 930 by transmitting 
mask words to these registers via processor port 980. Each nfiask word 
corrpises a programmable template identifying authorized peripherals for the 
particular user as defined by the card 115 wiien issued by the security 
administrator during the authorization visit, described below in the 

15 SECURTIY ADMMSTRATOR AUraORIZATION VISI^ Control 
ASIC 230 is connected to system bus 292 (as shown in FIGURE 3) via bus 
port 920, and can therefore monitor the etiwxptcd accesses on system bus 292 
and conpare them with the tenq^lates stored in bus address monitor 930 using 
combinational logic 940 to determine if an unauthorized poipheral access has 

20 been attenpted. If an unauthorized peripheral access is attenpted one 

embodiment of the present invention will freeze the system bus 292; secure 
conputer system 100 remains unusable until a power cycle of computer 100 
(to reset conqjuter 100) is performed. Port 920 of control ASIC 230 is 
connected to hard drive controller logic 710, as shown in FIGURE 3, in order 

25 to control access to hard drive 1 13 in a manner known to those skilled in the 
art. 

Bus address monitor 930 monitors system bus 292 references to 
pOTpheral devices such as serial and parallel ports, networics, and A or B 
floppy disks. Bus address monitor 930 monitors normal BIOS references 
30 during initialization, such as reset, warm, or powo^-up boot, and monitors to 
detect attenpted prohibited accesses to denied peripheral devices as defined 
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on card 115 during the authorization visit (see SECURITY 
ADMINISTRATDR AUTHORIZATION VISIT section below). 
DATA STEERING NETWORK 

Data steering networic 240 is shown in a sinpUfied block 
5 diagram in FIGURE 5. Data steering networic 240 essentially acts as a 

bidirectional, eight bit parallel, steerable data diannel. Control ASIC 230 can 
control \^^lethe^ the eight bit bus 222 from processor 220 is connected to 
RAM 260 or CE 270 by decoding the address on bus 222 and selecting inp\st 
20 of the data steering networic 240. Control ASIC 230 can also disable the 

10 data steering network 240 by toggling enable input 30 of data steering 
network 240. This operation also ensures that CE 270 is never directly 
connected to RAM 260 via data steering networic 240, adding to the 
protection of data stored in RAM 260. 
TYPES OF CARDS AND THEIR FUNCTION 

15 Th^e are essentially three types of cards: maintenance, issuer, 

and user cards. The maintenance card allows the user to access the system 
only for diagnostic purposes, but no sensitive data is accessible using the 
maintenance card An issuer card is the topmost card of the security 
hiCTardiy. It enables the issuing program to configure a plurality of 

20 subordinate user cards. In one embodiment, user cards can CTeate subordinate 
user cards and allow the user to access peripherals per privileges granted by 
the issuer during card configuration Tbe user cards enable users to access the 
secure information on conputer 100. 

One embodiment of the security hierardty is shown in FIGURE 

25 8. Box 500 represents an issuer card called the issuing office card Box 501 
is also an issuer card called the security administrator's card The issuing 
office card 500 is used to create the security administrator's card 501, wirich 
in turn creates subordinate user cards represented as the remaining boxes in 
FIGURE 8. In this embodiment, tiie issuing office card 500 may not access 

30 data in con^uta: system 100; its purpose is to create subordinate user cards, 
such as cards 510, 530 and 540. 
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SEQJRrrY ADMINISTRATOR AlTmORIZATlON VISIT 

The next section of the specification of the present invention 
requires a discussion of the information stored on the user card 115 prior to 
the first use of the card 1 15 by a user. A special card issue program is run on 
5 a conqjuter systOTi 100, as shown in FIGURE ID, which programs the user 
card 115 pursuant to ISO 7816 specifications. This programming is typically 
done by a security administrator who is responsible for determining the scope 
of authorization of the particular user. Such a session is called an 
authorization visit. 

10 The card issue program used to conduct an authorization visit 

will store in separate registCTS located on card 115: e?q)iration date of the 
card; the code associated with the issuing oflBce; the peripherals ^ch this 
particular user may access with this card; a code identifying the card as a 
maintenance card, issue card, or user card; the level of authorization of tiie 

15 user of the card (see the ACCESS HIERARCHY discussion of FIGURE 8, 
below); a series of questions used to identify the user, and their associated 
answers. 

A "first use" register is also dedicated to indicating whether the 
card has been used before to allow the system to identify first use. First use 

20 presents an opportunity to configure computer system 100 by storing in RAM 
260 sensitive data pertaining to the specific user. In the event the information 
on RAM 260 is erased, the first use register indicates tiiat the card 115 was 
used at least once and the user will be required to report to the security 
administrator to have the card reissued before secure computer system 100 

25 will accept it. 

A retry counto- register is also programmed during the 
authorization visit whidi contains a value spedfydng tihe number of errors a 
potential user can make in answering the user identification questions before 
the system terminates the verification process. In addition, catain information 
30 is stored in the card automatically under ISO 7816 specification, sudi as the 
type of card vMdi is being used (for exanople, MICRO CARD® or 
GEMPLUS® cards) and the amount of memory available on the particular 
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card One skilled in the art would readily recognize that the information 
stored on the card may be stored in other configurations without materially 
modifying the scope and spirit of the present inventioa For exanple, the 
numbo* of questions may be varied without materially changing the inventioa 
5 QUESTIONS AND ANSWERS USED FOR IDENTIFICATION 
VERinCATION 

A series of questions are posed in a consistent format, and the 
answers are recorded to identify a particular user. For cxamph, one question 
the user nii^t be asked is: "What is your favorite color?" The user should 

10 respond with a text string entry which matches the prerecorded answer. 
Therefore if the user responds: "Blue", but the answer was prerecorded as 
"B@L$U*E!", the response will be incorrect and, depending on the value set 
in the retry counter, the user may be denied access or allowed to answer 
another questioa One embodiment of the present invention uses fifteen 

15 questions to identify dae user. Sudi an ^jproadi reduces the chance an 
unauthorized user can acquire the correct responses through surreptitious 
means. It should be obvious that any subcombination of the fifteen questions 
may be used for identification purposes. In one embodiment of the present 
invention, a random number gen^ator decides the number of questions to ask 

20 (minimum three), and the particular questions selected However, it is clear 
that the number of questions and their selection process may be alta^ 
without materially altoing the scope of the present invention 
INITIALIZATION OF THE SECURE COMPUTER SYSTEM 

FIGURE 7 shows a flow diagram detailing the procedure by 

25 \\iiich the present invention acquires control of the conputer for user 

identification and verification purposes iqxm an initialization such as power 
up, clear, or warm boot reset. Those skilled in the art will readily appreciate 
that minor modifications to the order or exact irrplementation of the following 
stqjs will not materially modify either the scope or spirit of the presOTt 

30 inventioa Upon initialization, at step 704 the standard con^mter BIOS will 
query the corrqDuter system to determine the presrat configuration of the 
system. Processor 220 is programmed to monitor and save BIOS routine calls 
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made by the secure conputer system's BIOS during step 704. Control ASIC 
230 assists processor 220 in monitoring and memorizing the BIOS routine 
calls. The memorized calls are then used as a tenplate for conparison 
purposes to ensure that subsequent reboot of the computer system with the 
5 standard opiating system conforms with the initial pattern. Such a chedc 
verifies that the system BIOS is, indeed, in control of the subsequent reboot 
process. This prevents loading of another system BIOS to bypass the security 
system in order to access sensitive data 

As detailed above, the hardware preset on card reader 

10 interface board 109 is designed to simulate the presence of a hard drive. At 
initialization, CPU 290 executes the standard BIOS routine of loading the first 
"one and/or two sectors" fi"om the C: drive. Card reader interfece board 109 
intercepts the read issued by CPU 290 and directs it to ROM 280. As is 
illustrated in FIGURE 6, ROM 280 contains loader program code 610. 

15 Therefore the first one or two sectors of the "C: drive*' are read fi*om ROM 
280. (Whether one or two sectors are loaded depends on the type of CPU 
290, speed of CPU 290, and type of BIOS used by the conq^uter system) 
Loader program code 610 is then executed by CPU 290 to retrieve, at 709, the 
remaining "sectors" of ROM 280. Those sectors contain a verification 

20 program (620 of FIGURE 6) used to verify the authorization of the user to 
access the system Control ASIC 230 monitors the loading process, informing 
processor 220 at step 712 v^en flie last byte of code is loaded into CPU 290 
so that processor 220 is aware Aat the verification program is about to 
execute on CPU 290. Processor 220 then generates, at step 713, unsolicited 

25 card status fi*om card read^ 111. Mean\\4iile, at 714, CPU 290 executes 
verification program 620. When unsolicited card status has been retrieved, 
processor 220 instructs control ASIC 230 to connect processor 220 to system 
bus 292 via data steering network 240, CE 270, and hard drive controller 
logic 710 (step 721). Processor 220 ihen tr an smits the status of card reader 

30 1 1 1 to CPU 290, however, the verification program will loop until unsolicited 
card status is recdved firom processor 220 (step 722). 
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USER AUTHORIZATION VERIFICATION PROCEDURE 

At this point, the processor 220 is actually controlling system 
bus 292 using handshaking lines, yet processor 220 is responding to requests 
made by CPU 290 throughout the execution of the verification program CPU 
5 290 receives an inteniipt indicating that a card was inserted, and \^ilether a 
conductive card is present (steps 724 and 728). If no card is present, then a 
message to "insert card" is flashed to the operator on display 105 (step 726). 
If the card 1 15 is conductive, then the system bus 292 is frozen and the 
verification process is terminated (step 736). If the card 115 is 

10 nonconductive, then power is applied to the card reader 1 1 1 (step 729). Upon 
powenq), the card 1 15 issues an unsolicited reset message v^ch is transferred 
to the CPU 290 by processor 220 (step 732). Processor 220 resets card reader 
1 1 1 by holding the RST signal (224 of HGURE 3) low (active) for a 
specified time as defined by ISO 7816-3, and then raises the signal to indicate 

1 5 end of reset to card 115. Card 1 15 issues a reset message to processor 220 
via card reader 1 1 1 which identifies wiiether the type of card being used is 
MICRO CARD® or GEMPLUS® (per ISO 7816, MICRO CARD® and 
GEMPLUS® Technical Manuals) (step 734). If the card 1 15 is not an 
acceptable card, then processor 220 freezes the system bus 292 and terminates 

20 the authorization process (step 736). If the card is accepted as potentially 
vahd then the verification program determines if the card was issued by the 
correct issuing ofiBce (step 742). The expiration date is also retrieved from 
the card by processor 220, but must be smt to CPU 290 because processor 
220 does not have a clodc/calendar to con:5)are the expiration date (step 744). 

25 If either of the tests in stqDS 742 or 744 feil, then system bus 292 is frozen by 
processor 220 and the verification process is stopped (step 736). If the card 
1 15 meets the previous tests, thai CPU 290 instnicts processor 220 to read 
several questions and their associated correct responses from the card 115 and 
load them into RAM 260 (step 746). In one embodiment of the present 

30 invention, the answers are stored in the secure area of RAM 260 and the 
questions, vMoh are nonsensitive, are stored in the open area of RAM 260. 
The user is then queried for responses to questions read from card 1 15 and 
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must answer the questions coirecdy to gain access to the computer. The first 
question is displayed to the user (step 748), an operator response is received 
by CPU 290, fonnatted, sait to processor 220, and conpared by processor 
220 with the answers stored in the secure space of RAM 260 (steps 752 and 

5 754). A retry counter located in processor 220 is incremented each time an 
error is made in answering the questions, and is preprogrammed by the 
security administrator to terminate the verification program if the number of 
erroneous responses exceeds the preprogrammed value (steps 758 and 736). 
This protection is installed to prevent an unauthorized user of a card fi-om 

10 repeated guesses of the correct answers to the posed questions. 

After the last question is asked (step 762) the DES encryption 
key is calculated (step 764). In one embodiment of the present invention, the 
key is calculated using user unique binary information stored on the card 1 15 
and in the RAM 260. This allov^ the program to calculate unique keys even 

15 if the key generation equation is identical firom user to user, since the inputs 
identifying eadi user will be dependent on tiie answers given by the user, and 
therefore, the calculated key will be unique. Another embodiment of the 
present invention will have the verification program pronpt the user with an 
additional question to assist in the key randomization process. Alternate 

20 embodiments of the present invention could insert such a question at any 
point in the verification program prior to the key generation step. In one 
embodiment of the present invention, the key generation algorithm is given by 
the pseudocode shown in TABLE 1: 

25 TABLE 1 
BEGIN: 

read the binary data frcm card 115 associated 
witJi the prerecorded questions and answers; 

reduce the binary value by powers of nine; 
30 store tJie carries generated in a register to form 

a random number; 

excl\isive or the random number generated in t±ie 
previous step with data stored in RMVI 260 of secure 
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conputer system 100 to generate 15 strings of 64 bits, 
which will serve as potential keys for encryptions- 
load the sixteen keys into CE 270; 
generate a random number between 1 and 15; 
5 select one of the sixteen keys using the random 

niomber; 

use that key for encryption piirposes; 

END. 

10 However, it will be clear to those skilled in the art that other formulas may be 
used without materially modifying the spirit and scope of the present 
inventioa 

After the key is generated, it will be loaded, along with an 
encryption table, into the CE 270 (step 772), so that the CE 270 will be ready 

1 5 for encryption if the test of the loading is passed (step 774). If the table is 
not loaded correctly, then the verification program will terminate (step 736). 
If the table is loaded correctly, the processor 220 reviews tfie entire history of 
the verification sequence (776) to ensure tfiat all of the required tests have 
passed (778) before connecting the system bus 292 to CE 270 (782). If, at 

20 778, all required tests have not passed correctly, the vaification program is 
terminated at step 736. Otherwise, the CPU 290 will then boot fix)m hard 
drive 1 13 in order to execute the disk operating system for secure con^uter 
100 (step 784). Processor 220 monitors this reboot process using control 
ASIC 230 to monitor the BIOS routine calls to ensure that the native system 

25 BIOS is properiy rebooting the conpiter fi-om hard drive 113 (step 786). If 
any unauthorized accesses are attenpted, system bus 292 is fi-ozen and the 
verification program terminates (steps 792 and 736). Unauthorized accesses 
include: unauthorized access of praipheral (monitored by bus address monitor 
930 on control ASIC 230), and attenqjts to boot fi-om the A: instead of C: 

30 drive (monitored by processor 220), (step 788). If no unauthorized accesses 
are detected, the program will allow the user to use disk drive 113 until the 
session is terminated by the user via removal of card 1 15 or system reset (step 
794). Once the user is done, system bus 292 will be frozen and the corrputer 
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100 must be power cycled (to reset conqjuter 100) before another session can 
take place (step 736). 
ACCESS HIERARCHY 

FIGURE 8 shows one embodiment of a hierarchy of secured 
5 access codes among a multiuser organizatioa The present invention teadies a 
hierarchy coding method used to generate femilies of access codes vvWch 
permit horizontal and vertical segregation of access codes within an access 
hierarchy. As shown in FIGURE 8, the access code is designed to allow a 
superior of a subordinate user access to the conputer of the subordinate, but 

10 only if the superior has access in the same vertical portion of the user 

hia-ardiy. For example, referring to FIGURE 8, user 520 cannot access the 
information on user 510's conputer (520 is subordinate to 510), but can 
access the information on the conputers of users 522. However, user 520 has 
no access authority over user 550 (no horizontal access privilege), nor does 

15 user 520 have access authority over users 552 (lacking vertical commonality). 
A benefit of such organizations of key information is that access may be 
limited in an organized and restricted hierardiy. For example, if somehow 
security is conpromised in the middle branch of FIGURE 8, then the left and 
ri^t branches are not conp-omised. 

20 A vast array of users may therefore be accommodated easily 

within the hierarchy shown in FIGURE 8 by dedicating access code words to 
each level. In one such embodiment, sixty-four (64) bits are allocated to the 
access code word describing 510 level, allowing 2^ unique codes at 510 level; 
sixty-four (64) bits are allocated to the access code word describing level 520, 

25 allowing 2^ unique codes at the 520 level; and sixty-four (64) hits are 

allocated to the access code word describing level 522, aUowing 2?^ unique 
codes at the 522 level. These bits may be stored on card 1 15 in dedicated 
registers and assigned by the security administrator during the authorization 
visit 

30 The horizontal separation of users, may be easily attained by 

including an extra question in the list of quaies posed and answered during 
the verification program executioa An answer could be predetermined vMch 
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would be common among all users in a common vertical groiqj, and wdiich 
would segregate them from other users in other vatical groups. For essanph, 
each individual vertical groxq> would be identified by a unique, predetermined 
response to the same questioa The response could be m^jped to a binary 
5 number, which could serve as a consistent ofifeet for purposes of generating 
the access code. For exanq^le, if a question asked for a favorite sport, die 
response "golf could be used by all members of a particular vertical groiq) to 
identify their groip. 

In one embodiment of the present invention, fifteen (15) 

10 questions are used to identify the user, an extra question is used to identify 
the particular vertical brandi of the access tree the user resides. These 
questions are employed to select the DES encryption keys available to the 
user, hi this way, the DES encryption key questions serve as a further 
randomization of the access code vAnch is user dq)endent. 

15 Essentially, access information is distributed between the xiser 

(in the preprogrammed responses generated by that user), the card 1 15 
(programmed wiien tiie individual is given access authority), and RAM 260 
stored on card reader controller board 109. Therefore, in one embodimait of 
the invention, the access code is a combination of the user, the card, and the 

20 conputer wWch the user uses. This provides for a hi^ level of security for 
the entire system, and requires that tiie user be r&-aufhorized by the security 
administrator every time the user^s access privileges are lost due to incorrect 
or inp-oper attenpted access. In this way, security administrators can control 
the access attenq>ts by the users since tfiey are mformed each time a potential 

25 security breach is encountered; users must be re-authorized if the 

identification information in RAM 260 is destroyed by attOT5)ted unauthorized 
access. 

DESTRUCTION OF DATA 

Logical destmction of the data resident on the various memory 
30 storage devices found on the con^niter system may be preprogrammed to 
occur after a fixed number of failed attenq)ted accesses (see FIGORE 7 
discussion of retry counter, step 758). hi one onbodiment, board 109 goes 
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further and freezes the systOTi bus 292 to prevent unauthorized retrieval of 
sensitive information following detection of a potential security breach. The 
data stored in hard drive 1 13 is logically destroyed when the DES encryption 
key is erased since the key cannot be reconstructed by the intruder. 
5 Therefore, if the key information in RAM 260 is destroyed, it is equivalent to 
rradering the data stored in hard drive 1 13 logically destroyed, since without 
the encryption key it is undecipherable. In one embodiment of the preset 
invention, the DES key kemel information stored on RAM 260 is destroyed 
by clearing RAM 260 using an algorithm executed by processor 220 upon 

10 detection of attenpted unauthorized access, or by grounding the power pin of 
RAM 260 using transistor circuit 210 as described in the section LOGICAL & 
PHYSICAL DESTRUCT HARDWARE, above. A iurther hurdle requires that 
any user whose card 1 15 is invalidated by unauthorized access visit the 
security administrator to get their card reinstated Hiysical destruction of tfie 

15 data storage media is also possible by asserting physical destruct signal 212 
generated by control ASIC 230 under control of processor 220 in the event of 
a breach, triggering destruct padcage 213 desigaed to physically destroy the 
hard drive 113 and RAM 260. 

Alternate embodiments of the destruction means of the present 

20 invention are also possible. In one embodiment, the selection of destruction 
means and the process by \\iiich the destmction methods are invoked are 
programmed by altering the code in the internal ROM of processor 220 or by 
varying the value of retries allowable on the register of card 115. Therefore, 
one embodiment of the present invention is not limiting and does not 

25 materially limit the scope of the present inventioa 

FIGURE 9 illustrates one embodiment of the present invention 
showing a card reader receptacle 820 mounted with a hard drive 810 to 
facilitate physical mounting of the card reader and a resident hard drive. For 
exartple, a hard drive .113 can be co-located with a card reader 11 1 to form a 

30 single unit comprising a secured disk drive as shown in FIGURE 9. This 
mounting scheme illustrates only one of several possible embodiments of the 
mechanical mounting of the card reader receptacle 820 in the present 
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invent oa Other embodiments illustrating the mechanical mounting of card 
reader receptacle 820 are possible without materially modifying the scope of 
the present inventioa 

Those skilled in the art will readily see that the present 
5 invention ofiFers several benefits over other devices including but not limited 
to the ability of one embodiment to provide three levels of cornpvter security. 
For instance, one onbodimait of the present invention provides security in 
three distinct ways: 

(1) immediately asserting control of the conqniter system vpon 

10 initialization in the fomi of preboot protection, since the card reader interface 
board simulates the C: drive loader code before an intruder can intemq)t the 
system and thereby immediately takes control of the CPU; 

(2) after preboot control is acquired a user verification program is 
executed to ensure that the user is authorized to access the conqmter, and 

15 (3) ongoing monitoring of computer activity as the computer system is 

in use, to detect attenpted unauthorized accesses using a bus address monitor 
and destroy sensitive program and encryption key information before an 
intruder can break into the system. 

Those skilled in the art will readily ^jpredate that the scope of 

20 the present invention is not restricted to securing personal conq)uters, but may 
be extended to securing other types of computer systems (larger or smaller) or 
specific periphCTals of both small and large corrqjuter systans. Additionally, 
the present invention may be enployed to secure the digital data stored on 
any systmi which stores sensitive digital informatioa 

25 The present invention discloses the use of the card reader 

interface board 109 in conjunction with hard drive 113. It should be parent, 
however, that the same type of security could be ^>plied advantageously to 
control the contents of other nonvolatile memory such as a contact disc (CD) 
ROM system. Personal Conq^uter Memory Card International Association card 

30 (PCMCIA card), or streaming t^ backiq) unit Indeed, the present invention 
can be spplied advantageously to control access to any peripheral which coxdd 
be connected to a computer systera For instance, the present invention could 
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be applied to secure subsections of mass storage devices, sudi as partitioned 
hard drives or PBX switches. Alternate encryption methods, larger or smaller 
data and address buses, alternate integrated circuit cards and readers, and 
modifications to the control algorithms employed in the present invention n^y 
5 also be used without materially altering the scope and spirit of present 
invention. 

It is to be understood, however, that even though numerous 
characteristics and advantages of the invention have been set forth in the 
foregoing description, together with details of the structure and function of tiie 
10 invention, the disclosure is illustrative only, and dianges may be made in 
detail, especially TDatters of shape, size, and arrangement of parts within the 
principles of the invention, to the full extent indicated by the broad general 
meaning of the terms in wttch the appended claims are ©qpressed 
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What is claimed is: 

1. A method of operating a computer, conqjrising the steps of; 
a) prior to boot, acquiring control of the CPU; 

5 b) loading a verification program; 

c) verifying that the user is authorized using the verification program; 

d) prohibiting access to the computer if the user is not authorized; 

and 

e) providing access to the conputer if the user is authorized, 
10 conpising the steps of 

1) monitoring bus accesses to detect if a user is attenpting to 
read or write to an unauthorized peripheral; and 

2) destroying memory contents if unauthorized attenpts at 
access are detected 

15 

2. A method of protecting information stored in nonvolatile memory of a 
con:q)uter system having a system bus, conqjrising the steps of 

a) providing a plurality of sources of identification information for 
identifying an authorized iiser; 
20 b) restricting access to the conputer system by the steps of 

1) performing preboot control of the con^juter; 

2) loading a verification program; 

3) reading identification infomnation from the plurality of 
sources; 

25 4) conrqiaring the identification information read from the 

plurality of sources to vmfy the authorization of the user; 
c) if the user is an authorized user, providing access to the conpxiter 
by the steps of 

1) allowing access to the computer system; 
30 2) constracting an encryption key from the plurality of 

sources; and 
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3) encrypting the information stored in the nonvolatile 



5 



memory using the cxmstnicted encryption key; and 
d) if die user is not authorized, freezing the system bus such that 
another atterrpt to access the conputer system requires a powerdown 
to reset the conputer system. 



3. The method according to claim 2, wiierein the step of providing a 
plurality of sources includes the step of providing identification information 
from an integrated circuit card, identification information input from a user, 

10 and identification information resident in the computer system 

4. A mediod of protecting information stored in nonvolatile mOTiory of a 
conputer system, the conputer system having a central processing unit 
(CPU), the method conprising the steps of 

15 a) providing a conputer system with an interface board with a 

resident verification program and a loader program for loading the verification 
program; 

b) restricting access to the nonvolatile memory, vdierein the step of 
restricting access includes the stq>s of: 
20 1) controlling the conputer system central processing unit 



(CPU) during initialization and prior to booting the conputer, vdierein 
the step of controlling conprises the steps of 



a monitoring and storing BIOS calls made by the CPU 



25 



during the loading of the verification program; 

b. initiating an initialization of the conputer system; 

c. simulating a boot disk such that the CPU loads the 



30 



loader program; 

d executing the loader jjrogram; 

e, loading the verification program; and 

f executing the verification program, wiierein said 



program verifies the identity of the usct; and 
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2) if the user is verified as an authorized user, allowing access 
by the steps of: 

a providing access to the nonvolatile memory; 

b. booting the conq^uter system from the nonvolatile 
memory; 

c. monitoring and storing BIOS calls made by the CPU 
during the booting step; and 

d. detecting logical accesses whidi could corrpromise 
the security of information stored in the nonvolatile memory, 
wherein the step of detecting logical accesses includes the steps 
of 

1- conparing BIOS calls stored during the 
loading step with BIOS calls generated during the 
booting step; and 

2. if BIOS calls do not match, fi^eezing the 
system bus, requiring a power cycle of the conrpvter 
system to reset the conputer system. 

5. The method of claim 4, wiierein the method finther conpises the 
20 steps of 

constructing a unique endyption key obtained from a plurality of 
sources; and 

encrypting information stored to the nonvolatile memory using the 
encryption key; 

25 and wiiaiein the step 4.2.d2 of freezing the system bus conpises the 

step of logically destroying the data stored in the nonvolatile memory by 
destroying the raciyption key. 

6. TTie method of claim 4, wiierein the step 4.2.d2 of freezing the system 
30 bus conpises the step of physically destroying the nonvolatile memory, 

thoieby destroying the data stored in the nonvolatile memory. 



10 
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7. The method of claiin 4 wiierein the step of detecting unauthori^sed 
logical accesses corrpises detecting unauthoriTcd peripheral accesses. 

8. A secure computer system for controlling a user's access to 

5 confidential information stored in nonvolatile memory, the system corrpising: 

a) a system bus; 

b) a central processing unit (CPU); 

c) an identification card, containing identification information for 
identifying authorized users of the conf5)uter system; 

10 d) a card reader for reading identification information fi*om the 

identification card; and 

e) a card reader interface, connected to the system bus, \^dlerein the 

interface operates to assume control of the CPU upon initialization of the 

conputer system, the interface conq^rising 
15 1) a dedicated data bus for comraunications with the 



nonvolatile memory; 



2) a dedicated data bus for communications with flie card 



reader; 



20 



3) a verification program to be executed by the CPU for 
limiting access to the nonvolatile memory to only authorized users; 



4) a memory storage device for storing user-specific 
information; 



25 



5) an encryption system vAnch enorypts the data stored to the 
nonvolatile memory using an encryption key constructed fi-om data on 
tfie identification card, data in the memory storage device, and iiputs 
fi-om the user; 



6) an input/output bus address monitor circuit for detecting 
attempts to bypass the verification program; and 



30 



7) a memory erasing circuit for destroying encryption key 
information stored in the manory storage device if an unauthorized 
access is detected by the interface. 
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9. A method for protecting information stored in nonvolatile memory of a 
conputer, the method corrprising the steps of 

a) providing means for interfacing an information bearing card to the 
computer; 

5 b) storing individualized questions and answers v^ch uniquely 

identify a user on the information bearing card; 

c) reading identification information and card information fi-om the 
information bearing card; 

d) executing a verification routine upon initialization in order to 
10 determine wiiether the user is authorized to gain access to the protected 

information stored in the nonvolatile memory, \^ilerein the verification routine 
comprises asking the user the individualized questions and conparing answers 
received against the stored answers; and 

e) if the user correctly answers the questions, permitting access to 
15 portions of the protected information stored in the nonvolatile memory. 

10. The method according to claim 9, fiirtha" con^sing the step of: if the 
user does not correctly answer the questions, fi'eezing the coixputer and 
requiring that the conoputer power be cycled to reset the corrputer, 

20 

1 1. The method according to claim 9 fiirther conprising the step of 
programming the information bearing card with individualized access privilege 
information to idaitify winch nonvolatile memory devices the user is 
privileged to access. 

25 

12. The method according to claim 9, v^^i^ein the step of permitting 
access connprises the steps of 

a) verifying that the user is privileged to access the information stored 
in a first storage device; and 
30 b) if the user is privileged to access the information stored in the first 

storage device, permitting access to the protected information stored on the 
fiiist storage device. 
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13. The method according to claim 1 1 further conprising the step of if the 
user atteirpts to access information from an m^vileged storage device, 
freezing the cowputcr and forcing the user to reset the conputer system and 
begin authorization verification again. 

5 

14. The method according to claim 9, v^iierein the step of reading further 
comprises the step of: incrementing a retry counter if the user incorrecdy 
answers a question, and waiting for a subsequent user response if the retry 
counter has not reached a predetermined value, otherwise terminating the 

10 authorization procedure. 

15. Hie method according to claim 9, \^ilerein the step of reading further 
conqjrises the steps of 

a) reading a card identification code from the card indicating card 

15 type; 

b) determining a card type from the card identification code; and 

c) if the card is a maintenance card, allowing a user access to the 
computer for maintenance purposes, without allowing access to the nonvolatile 
memory of the computer. 

20 

16. A secure con^niter providing for the controlled access of internal 
devices via a card reader, the conq^uter conqmsing: 

a user input device; 

a card reader; 
25 a screen displa>^, 

a central processing unit (CPU); 

a device containing non-volatile CT*U program code; 

a CPU system boot ROM; 

a plurality of peripheral devices; 
30 a system data bus; 
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a microprocessor for writing and reading information to and from a 
card placed in the card reader, the microprocessor and the CPU 
connected through a dedicated data bus; 
an encryption engine; 
5 a volatile memory device for storing data retrieved from the card by 

the microprocessor, 

said CPU system boot ROM including code for instructing the CPU to 
start executing the CPU program code in the device so that the CPU 
program code in the device takes over control of the CPU, so that 
10 upon a power-up, clear, or warm-boot reset of the conputer die CPU 

program code in die device obtains control of the CPU; and 

said CPU responsive to said CPU program code, to perform an 
authorization verification procedure conprising the steps of: 

a) instmcting the microprocessor to read a card placed in 
15 the card reader by a user and obtain at least one 

question from a list of questions stored in the card; 

b) displ^ong the question to the user on the screen display, 
and waiting for a response from the user on the input 
device; 

20 c) passing the response to the microprocessor and the 

microprocessor con:5)aring at least one user response to 
a list of correct answers stored on the card; 

d) receiving the results of the corrqjarison by the 
microprocessor and allowing access to the conputer if at 

25 least one user response matches a corresponding cotrect 

answer; 

e) generating an encryption key from data on the card, data 
stored in the volatile memory device, and responses 
received by the user; and 

30 f) encrypting all data stored to the plurality of peripherals 

using the encryption key. 
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17. The conqDuter of claim 16 further comprising: 

a security circuit for monitortng attempted unauthorized accesses of the 
conq)uter; and 

a logical destruct circuit, connected to the security circuit, for 
5 destroying data in the volatile memory device if unauthorized access is 
detected by at least one of the microprocessor and the security circuit; 
and wherein the microprocessor performs the steps conpising: 

monitoring and storing CPU BIOS routine calls during the 
authorization verification procedure; 
10 monitoring and conparing the CPU BIOS routine calls during 

the rebooting process to detect control of the system data bus by 
another program; and 

if the BIOS calls stored during the authorization verification 
procedure do not match the BIOS calls monitored during the rebooting 
15 process, then logically destroying the data in the volatile memory 

device; and 

wherein the CPU performs the additional step of incrementing 
the value of a retry counter if the user incorrectly answers a question, 
and waiting for a subsequent user response if the value of the retry 
20 counter is less Aan a predetermined value, otherwise tOTninating the 

authorization procedure. 

18. The conqDuter of claim 17 \\herein the compatec further conprises one 
or more pltysical destmct medianisms logically connected to the 

25 microprocessor for physically destroying data on at least one of the plurality 
of peripheral devices. 

19. The conputer of claim 17 further conpising a pltysical destruct 
output and physical destruct package, flie output for triggering the physical 

30 destruction of the secure con^juter by conpiter control upon detected 
attempted unauthorized access. 
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20. The computer of claim 17 A\iierein the key information is generated 
from data stored on the card, in the volatile memory device, and from 
responses entered in by a user during the verification procedure. 



wo 95/24696 



PCT/US95/02579 



1/14 



105 \ 



103 V 




10. - ^mMmy w. 



FIGURE 1A 



125 



119 



POWER 
CONTROL 



121 
PERIPH.2 \ 



~ M PERIPH. 1 h 



129 
S 



121 



PLD 



126 
BOOT ROM I 



/1 03 



109^ 



f 



'U 



123 



101 

^ 

KEYBOARD I 



SCREEN I 
----^ I 



105 



Iv. 



117 



MICRO- 
I 116 ^ PROCESSOR 



127 ^1 31 111 



RAM 



CARD 
READER 



FIGURE IB 




SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 PCTAJS95/02579 



2/14 



+5V 



T 



(j35 



MICRO 
PROC. 



116 



137 



131 



141 143 145 



127 




+5V} 



RAM 



139 



J_ 



+5V 



125 \ 



71 



—p — r 

147 149 



r 



151 153 155 




195 



FIGURE 1C 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCT/US95/02579 



3/14 




FIGURE 1D 




SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCTAJS95/02579 



4/14 



in 




< 

LU 
D 

Li. 



•c 

< 



CD 
LU 

o 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



5/14 



PCTAJS95/02579 



100 




225 



212- 



Physical 
Destruct 
Package 



224 226 

RST f ^ ' 



213 



710 . 221 - 
230 



111 



card reader 



115 



IC card 



109 



228 220 



240 



Processor 
Z8 



Hard Drive 
Controller 
Logic 



CPU 



7 



290 



222 



tnt ze Port 

Control 
ASIC ^' 



Monitor 



Freeze 



K 

211 



292 



Data Steering 
Network 



274 



260 Vcc 



RAM 

Vcc 



263 



261 



262 



200 



Battery — 
278 270 











CE 




A 






B 


280 



^276^ 




ROM 



210 

211 



trigger 



272 



Control Lines 



Hard Drive 



113 



FIGURE 3 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



6/14 



PCT/US95/02579 



o 
ro 




SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



7/14 



PCTAJS95/02579 




SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



8/14 



PCT/US95/02579 




SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCT/US95/02579 



9/14 



initialization 



computer system's BIOS proceeds to identify the 
system components; 

processor 220 monitors and memorizes the reads 
made during the BIOS identification procedure 



704 



BIOS reads the first one and/or two sectors of data from /" 
ROM 280, containing the loader program code 610 



708 



the loader program is executed, which in turn, 
loads the remaining 128 KBytes from ROM 280 
containing the verification program 620 



709 



processor 220 is notified by control ASIC 230 
that the last byte from ROM 280 is read into 
CPU 290 and therefore verification is about to execute 



712 



processor 220 generates unsolicited card status 
from card reader 1 1 1 



713 



the verification program 620 is executed by the CPU 290 



714 



0 



FIGURE 7A 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



10/14 



PCTAJS95/02579 



control ASIC 230 Is instructed to connect 
processor 220 to the system bus 292 
via data steering network 240 and cipher engine 270; 

enable destruct interrupts 



722 



unsolicited card^ 
status received by 
CPU 290 from 
Drocessor 220?^ 



No 



721 



Yes 



IC card in card reader? 




Yes 



726 



J 



728 




Yes 



apply power to card reader 



729 



card issues unsolicited reset J' 
message upon power up 




732 



734 



No 



■c 



CPU instructs CRT 
to flash "insert card" 
message 



End 



y 



736 



FIGURE 7B 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCTAJS95/02579 



11/14 




No 



Yes 



Questions and Answers loaded into 
RAM 260 



746 



display question to user 



748 



connpare answer to correct answer 



LT 




752 



756 



increment 
retry counter 



Yes 



762 




Yes 



calculate DES encryption key 



LT 



764 



■c 



End 



No 




FIGURE 70 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCr/US95/02579 



12/14 



0 



load DES encryption key f 
and table into cipher engine 



772 




BIOS initialization routine 



y-788 

unauthorized accesses include 
-attennpts to access unprivileged peripheral 
-attempts to execute a non-BIOS different booX routine 



FIGURE 7D 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCTAJS95/02579 



13/14 



in V, 



O 

- 

in 



o 
in 



CO 
00 

in 



o 

o- 

in 



O -V 



2 O 

to U- 
w o 



o 

w E 

5 



in 



in 
in 



00 

m 

Z) 

o 



o 
m 
m 



O 

m V 



CM 

in 



o 



O 
CM 

in 



SUBSTITUTE SHEET (RULE 26) 



wo 95/24696 



PCTAJS95/02579 



14/14 

o 




SUBSTITUTE SHEET (RULE 26) 



